U.S. patent application number 10/804593 was filed with the patent office on 2004-09-09 for virtual home agent service using software-replicated home agents.
This patent application is currently assigned to UTStarcom, Incorporated. Invention is credited to Dynarski, Richard J., Harper, Matthew, Mortsolf, Timothy G., Peirce, Kenneth L. JR., Xu, Yingchun.
Application Number | 20040174876 10/804593 |
Document ID | / |
Family ID | 22939898 |
Filed Date | 2004-09-09 |
United States Patent
Application |
20040174876 |
Kind Code |
A1 |
Peirce, Kenneth L. JR. ; et
al. |
September 9, 2004 |
Virtual home agent service using software-replicated home
agents
Abstract
Multiple home agents for a home agent service provider network
are implemented in a single computing platform in software as
multiple virtual home agents. Each home agent is assigned or
dedicated to a single virtual private network. Any number of home
agents can be realized in the computing platform by multiple
instantiations of a home agent program or code, and by providing
unique IP addresses for each instantiation. Each home agent runs
independently, and is independently configured and managed by the
subscriber of the virtual private network service, freeing the
service provider of having to manage and supervise low level
processing tasks and customization features that the subscribers
may want. In a representative embodiment, the computing platform
comprises a router having a general purpose-computing platform.
Inventors: |
Peirce, Kenneth L. JR.;
(Barrington, IL) ; Harper, Matthew; (Arlington
Heights, IL) ; Mortsolf, Timothy G.; (Lisle, IL)
; Xu, Yingchun; (Buffalo Grove, IL) ; Dynarski,
Richard J.; (Glen Ellyn, IL) |
Correspondence
Address: |
MCDONNELL BOEHNEN HULBERT & BERGHOFF LLP
300 S. WACKER DRIVE
32ND FLOOR
CHICAGO
IL
60606
US
|
Assignee: |
UTStarcom, Incorporated
Santa Clara
CA
3Com Corporation
|
Family ID: |
22939898 |
Appl. No.: |
10/804593 |
Filed: |
March 18, 2004 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
10804593 |
Mar 18, 2004 |
|
|
|
10346897 |
Jan 16, 2003 |
|
|
|
6765900 |
|
|
|
|
10346897 |
Jan 16, 2003 |
|
|
|
09248617 |
Feb 25, 1999 |
|
|
|
6560217 |
|
|
|
|
Current U.S.
Class: |
370/352 |
Current CPC
Class: |
H04W 80/04 20130101;
H04L 63/0272 20130101; H04W 8/12 20130101; H04W 8/06 20130101; H04L
45/58 20130101; H04W 68/00 20130101; H04L 63/08 20130101; H04L
69/16 20130101 |
Class at
Publication: |
370/389 |
International
Class: |
H04L 012/56 |
Claims
We claim:
1. A method of providing home agent services, comprising the steps
of: providing a computing platform for receiving a plurality of
packets from a first network; implementing a plurality of home
agents in software in said computing platform; directing said
packets within said computing platform to the home agent associated
with said packets; processing said packets in said plurality of
home agents; and forwarding said packets from said computing
platform onto a second network for transmission to the destinations
for said packets.
2. The method of claim 1, wherein each of said home agents comprise
an instantiation of a home agent software program implemented in
said computing platform.
3. The method of claim 1, wherein said computing platform comprises
a router.
4. The method of claim 1, wherein said computing platform comprises
a general-purpose computer.
5. The method of claim 1, wherein each of said home agents are
assigned a unique TIP address.
6. A routing chassis processing packets for a plurality of mobile
communications devices, comprising: an interface to a first
network; two or more software-replicated home agents; and a means
for demultiplexing a plurality of packets arriving from said first
network at said first network interface and for forwarding said
packets to said plurality of home agents in accordance with
addresses contained in said packets.
7. The routing chassis of claim 6, further comprising two or more
interfaces to a second network, each of said interfaces to said
second network associated with one of said home agents.
8. The routing chassis of claim 6, wherein each of said home agents
comprise an instantiation of a home agent software program.
9. The routing chassis of claim 6, wherein each of said home agents
is assigned a unique TIP address.
10. The routing chassis of claim 6, wherein each of said home
agents processes registration request messages for a plurality of
mobile devices.
11. The routing chassis of claim 6, wherein each of said home
agents are associated with a virtual private network.
12. The routing chassis of claim 6, wherein said chassis is located
on a local area network and wherein said local area network
comprises an AAA server, said AAA server cooperating with said
chassis in processing a registration request message from one of
said wireless communications devices.
13. A method of handing a registration request from a mobile
communications device, comprising the steps of: providing a master
home agent in a communications chassis, said master home agent
comprising a plurality of software-replicated home agents;
receiving a registration request from said mobile communications
device at said communications chassis and forwarding said
registration request to one of a plurality of software-replicated
home agents in said communications chassis in accordance with an
address in said registration request; generating a registration
request authentication message in said one of said plurality of
software replicated home agents; transmitting said registration
request authentication message from said communications chassis to
an accounting, authentication, and authorization (AAA) server;
receiving a reply to said registration authentication message from
said AAA server at said one of said plurality of
software-replicated home agents; and forwarding a reply to said
registration request message from said communications chassis to
said mobile communications device.
Description
BACKGROUND OF THE INVENTION
[0001] A. Field of the Invention
[0002] This invention relates generally to the subject of mobile
Internet Protocol ("IP") data networking. The invention also
relates to the subject of virtual private networking.
[0003] B. Description of Related Art
[0004] A virtual private network ("VPN") is a service provided by a
telecomunications carrier (such as Sprint or AT&T) in which
their public network resources are logically organized by the
company but managed by the customer, in a manner to provide
capabilities similar to those offered by private networks. The
concept can be applied to public packet switched networks, e.g.,
Internet Protocol or Internet Packet eXchange ("IPX") networks.
Essentially, a virtual private network is equivalent to a private
data network defined logically within a public network, offering
the user the economies of scale of the public network, but the
control and management capabilities that are found in a private
network.
[0005] Where a public IP/IPX network supports virtual private
networks, then the elements of the network must be configured to
handle data traffic for multiple virtual private networks at the
same time. For example, a router in the network would have to
handle packets for each virtual private network individually, since
each virtual private network is managed separately and will
typically have its own unique addressing and routing schemes.
[0006] Public packet switched networks can be used to carry traffic
to and from a mobile communications device, such as a laptop
computer or personal digital assistant equipped with a cellular
telephone modem. The basic architecture of mobile IP data
networking is known in the art and described in several
publications, including the Request for Comments document RFC 2002
(1996) and in the textbook of Charles E. Perkins, Mobile IP Design
Principles and Practices, Addison-Wesley Wireless Communications
Series (1998), the contents of both of which are incorporated by
reference herein.
[0007] Basically, in Mobile IP communication, a wireless mobile
node communicates with a terminal on an IP netmvork by means of a
foreign agent and a home agent. Typically, foreign agent
functionality is incorporated into a router or network access
server chassis located on a mobile node's visited network. The
foreign agent provides routing services for the mobile node while
it is registered with the foreign agent. The foreign agent
de-tunnels and delivers datagrams to the mobile node that were
tunneled by the mobile node's home agent. The home agent is a
router on a mobile node's home network that tunnels datagrams for
delivery to the mobile node via the foreign agent when the mobile
node is away from home. The home agent maintains current location
information for the mobile node, through a variety of possible
mechanisms, such as described in the patent application of Richard
J. Dynarski, et al., "Dynamic Allocation of Wireless Mobile Nodes
Over an Internet Protocol (IP) Network", Ser. No. 09/233,381, which
is incorporated by reference herein. When multiple home agents are
handling calls for multiple mobile nodes simultaneously, the home
agents are providing, in essence, a service analogous to virtual
private network services. Each mobile node is typically associated
with a separate home network and the routing path from that home
network, through the home agent, to the foreign agent and mobile
node is like a virtual private network for the mobile node.
[0008] The known prior art for providing Mobile IP networking
services has embraced the concept of a single home agent for a
given network. However, some larger scale providers of Mobile IP
networking services may require multiple home agents on their
networks. One possible approach is to provide multiple home agents
in separate chassis. Another approach is to provide a single home
agent but design the home agent such that it has an internal
architecture to support multiple networks (e.g. multiple virtual
private networks). This approach is not considered very attractive,
in that management of the home agent would be cumbersome.
Furthermore, the home agent would not be particularly fault
tolerant. in that any mechanical or software problem in the home
agent would potentially affect a large number of virtual private
networks.
[0009] The present invention provides an efficient, easy to manage
method for providing a plurality of home agents on a network. All
of the home agents are implemented in a single computing platform.
That is, rather than attempting to use a single home agent with an
internal architecture to support multiple networks, multiple real
home agents, each comprising an instantiation of a home agent
software program or code, are implemented in the computing
platform. Each home agent is dedicated to performing home agent
tasks for a single virtual private network. Each home agent is
given its own unique address in the computing platform, thereby
providing a mechanism for isolating the processing for each home
agent from the other processing. The result is an easily managed,
scaleable, and fault tolerant mechanism for providing home agent
services, particular in high density and large scale
implementations of mobile IP.
[0010] These and other features of the present invention will be
more apparent from the following detailed description of presently
preferred embodiment.
SUMMARY OF THE INVENTION
[0011] A method for providing home agent services for a plurality
of mobile communications devices is provided. The method may be
practiced in the context of virtual private network environment, or
otherwise. The method makes use of a computing platform (such as a
general purpose computer, router, or network access server) that
receives a plurality of packets from a first network. The computing
platform is configured as a master home agent device, which
implements a plurality of real home agents as distinct processing
threads in software. For example, the plurality of home agents may
comprise multiple instantiations or replications of a home agent
software program or process. The packets that are incoming into the
computing platform are directed to the home agent that is
associated with the packet. This is preferably accomplished by
providing each software-replicated home agent with a unique TIP
address for purposes of directing the packets to the proper home
agent.
[0012] The packets are processed in the plurality of home agents in
accordance with the requirements of RF 2002 and mobile TIP
protocols for home agents, or some lesser set of home agent
functionality for mobile TIP networking if RF 2002 is not fully
supported. For example, the packets may comprise registration
request messages from the mobile communications devices. The home
agent would then either process the registration request message
itself or use an Accounting, Authorization and Authentication (AAA)
server to perform some of the processing, such as authentication
processing. As another example, the packets may be data packets to
be forwarded from the home agent to the mobile communications
device. After processing the packet in the home agent, the packets
are forwarded onto a second network for transmission to a
destination for the packets.
[0013] Preferably, in the above method each of the home agents
comprise an instantiation of a home agent software program
implemented in the computing platform. Further, each instantiation
of the home agent software program is given a unique address in the
routing chassis. This keeps the processing for each home agent
separate from each other. This also makes the system more fault
tolerant and more easily managed by known management protocols
(SNMP, etc.).
[0014] The computing platform or chassis that the above method is
implemented may comprises a router, a general purpose computer or
any other suitable network element. The main requirement is that it
would have a central processing unit and an operating system
capable of implementing multiple software-replicated home agents,
maintaining separate addresses for each of them, and having the
necessary hardware and software interfaces to other communications
elements (such as the networks that are used, and possibly an AAA
server), in order to provide the desired home agent service for a
plurality of mobile communications devices.
[0015] The invention is particularly suitable for use in a virtual
private network context. The chassis providing the VPN/home agent
services would typically be managed by a wireless service provider.
Each home agent would be managed separately either by the service
provider, or more preferably by the user of that home agent. The
exact manner in which the individual home agents would be managed
would typically be worked out as a contractual matter between the
provider of the chassis and the company it is providing service to.
In any event, the segregation of each home agent into separate
address space in the computing platform or chassis will allow each
home agent to be independently managed.
[0016] In another aspect of the invention, a routing chassis
processing packets for a plurality of mobile communications devices
is provided. The routing chassis comprises an interface to a first
network, two or more software-replicated home agents that are
running on a computing platform in the routing chassis, and a means
(such as a TIP stack implemented in a operating system running on
the computing platform, or the equivalent) for demultiplexing a
plurality of packets arriving from the first network at the first
network interface and for forwarding the packets to the plurality
of home agents in accordance with addresses contained in the
packets. Preferably, each of the home agents comprises an
instantiation of a home agent software program.
[0017] In a representative embodiment, the routing chassis
comprises two or more interfaces to a second network such as wide
area network, wherein each of the interfaces to the second network
is associated with one of the home agents. The wide area network
may for example provide long haul delivery of packets from the
mobile communications device to the device's home network.
Furthermore, each of the home agents may be associated with a
virtual private network.
[0018] In yet another aspect of the invention, a method of handing
a registration request from a mobile communications device is
provided. The method comprises the steps of implementing a master
home agent in a communications chassis such as a router or
general-purpose computer. The master home agent comprises a
plurality of software-replicated home agents. A registration
request message is received from the mobile communications device
at the communications chassis and forwarded to one of the plurality
of software-replicated home agents. The forwarding is accomplished
by reference to an address in the registration request, with each
of the software replicated home agents having a unique address.
[0019] The software-replicated home agent generates a registration
request authentication message and transmits the registration
request authentication message to an AAA server. The AAA server
either authenticates or does not authenticate the mobile
communications device and sends an authentication reply message
back to the home agent. The reply is forwarded from the
communications chassis to the mobile communication device.
BRIEF DESCRIPTION OF THE DRAWINGS
[0020] In the following description, reference will be made to the
appended drawings. Wherein like reference numbers refer to like
elements in the various views, and in which:
[0021] FIG. 1 is an illustration of a virtual private network
architecture for a plurality of mobile nodes or communications
devices. in which home agent functionality for a plurality of
networks is spread out among several home agents, each comprising a
separate computing platform;
[0022] FIG. 2 is an illustration of a virtual private network
architecture for a plurality of mobile nodes, in which the
functionality of all the home agents of FIG. 1 is combined into a
single computing platform, functioning as a router, which is
designated a "master home agent." The master home agent implements
a plurality of software- replicated home agents.
[0023] FIG. 3 is an illustration of the software architecture for
the computing platform comprising the master home agent of FIG. 2,
in which up to n software replicated home agents are implemented,
each assigned or dedicated to one virtual private network.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT OF THE
INVENTION
[0024] Overview of Representative Virtual Private Network System
for Mobile TIP Nodes
[0025] Referring now to FIG. 1, a basic architecture for providing
TIP networking services for a group of mobile nodes is shown
schematically. In the example of FIG. 1, three wireless users.
designated 10A, 10B and 10C, send and receive TIP packets with host
computers on their home networks 11A, 11B and 11C, respectively.
The wireless users or nodes send and receive TIP packets by means
of a radio access network 12 (the details of which are not
important) and one of a plurality of network access servers 13A,
13B, 13C, 13D that function as foreign agents for the wireless
devices. The foreign agents 13A . . . 13D are on a network
maintained by a provider of mobile TIP service, such as a wireless
communications company or other suitable entity. The network access
servers 13A . . . 13D are of the general type described in the
patent of Dale M. Walsh et al., U.S. Pat. No. 5,528,595 and
assigned to the assignee of the present invention. Such network
access servers are available from companies such as 3Com
Corporation, Ascend Communications, and Lucent Technologies.
Basically, the network access servers 13A . . . 13D implement
foreign agent functions as specified by RF 2002 and provide access
to all TIP wide area network such as the Internet 16.
[0026] TIP packets for the mobile devices are tunneled to the
respective foreign agent by a home agent in accordance with the
Mobile TIP protocol. In the example of FIG. 1, the home agent
service provider maintains a network 14 including a local area
network 17 in which multiple real home agents 18 are located. In
the example of FIG. 1, four such home agents 18A . . . 18D are
provided. Each home agent comprises a router with an interface to
the local area network and a wide area network interface that
connects the home agent to a backhaul network 19 (which may be an
Asynchronous Transfer Mode network, frame relay network or ocher
type of network) The backhaul network 19 is in turn connected via
suitable routers to the individual home networks 11A, 11B and 11C
of the users 10A, 10B and 10C, respectively.
[0027] While the architecture of FIG. 1, and specifically the
multiple home agent implementation with multiple discrete chassis
is certainly one possible solution for a large scale virtual
private network system for multiple mobile TIP users, it can be
improved upon. With reference to FIG. 2, we propose consolidating
the home agents 18A . . . 18D (or more of such home agents) into a
single chassis, designated the master home agent 26. The master
home agent 26 serves all of the mobile users 10A, 10B, 10C, etc.
and all the virtual private networks that are set up between the
mobile users and their home networks 11A, 11B and 11C. Rather than
attempt to structure the master home agent 26 with an internal
software architecture to support multiple networks within a single
home agent process, the present invention provides for
implementing, in the master home agent 26, multiple real,
software-replicated home agents, each comprising an instantiation
of a home agent software process or program. This will be described
in further detail in conjunction with FIG. 3.
[0028] The advantages of multiple real software-based home agents
within a single chassis are many. The ease of management,
scalability, fault-tolerance, and ease of implementation are
perhaps the most striking. Thus, the solution of FIG. 2 is
considered a substantial improvement over the alternative
organization scheme of FIG. 1.
[0029] Furthermore, in another aspect of the invention, the master
home agent 26 takes advantage of an AAA server 28 on the local area
network 17 for purposes of registration request authentication
processing. This off-loads some of the processing and memory
requirements from the master home agent and further facilitates
management, accounting and authentication issues for the provider
of the virtual private network and mobile TIP services. This
feature will be explained further below.
[0030] Software Architecture of Virtual Home Agent Platform
[0031] The master home agent 26 of FIG. 2 consists of a computing
platform such as a general purpose computer or router, which is set
up with a software architecture and hardware interfaces to function
as an home agent for the Mobile TIP protocol. As such, it consists
of a central processing unit, memory, local and wide area network
interface cards and drivers and other hardware (not shown) that
will be apparent to a person skilled in the art in view of the
present discussion and known router platforms. The details of the
hardware are not particularly important. For the purposes of the
present invention, the software architecture is the pertinent
consideration, and such software architecture is illustrated in
FIG. 3.
[0032] The basic concept of the multiple, real, software-replicated
home agent is that the master home agent 26 is a computing platform
that implements, via software, multiple home agent process or
threads 62A, 62B, . . . 62N. Each home agent 62 is an instantiation
of a home agent program or code. Each home agent process is
responsible for processing only a subset of the hardware interfaces
within the complete system, one software replicated home agent
designated to one virtual private network, one LAN interface and
one wide area network interface.
[0033] Each software replicated home agent 62A, 62B . . . 62N is
assigned a unique TIP address which is used by the operating system
(OS) TIP stack 52 to demultiplex packets received on the LAN
interface(s) 54. Each home agent process is also connected to a set
of Point-Point WAN interfaces 64, which could be realized by Frame
Relay. Asynchronous Transfer Mode (ATM) or any other Point-Point
WAN Interface.
[0034] This structure allows the master home agent 26 to
instantiate any number of multiple different home agents, each one
isolated for the other by the operating system in the master home
agent. This allows each home agent 62 to be configured differently,
and provide different types of home agent services and
configurations on a per-VPN basis. Each of the individual home
agent instantiations 62A, 6B, . . . 62N are not aware of the
different multiple virtual private networks within the master home
agent platform; rather, they are simply handling registration
requests, authentication and other functions according to their
internal configuration.
[0035] Additionally, the software architecture of FIG. 3 is much
more fault tolerant than prior art approaches. This stems from the
feature of separating the individual home agents into different
address spaces, and thus different processes. If any one home agent
misbehaves, the problem can be fixed or isolated, without affecting
any of the other home agents or virtual private networks that are
currently active.
[0036] The master home agent computing platform of FIGS. 2 and 3
has a LAN interface 54 with an address on the TIP/IPX network 14 of
the form X.sub.1.X.sub.2.X.sub.3.0, where X.sub.i is some 3 digit
number. The LAN interface 54 receives packets from the TIP/IPX
network 14 that are designated or belong to any arbitrary number of
virtual private networks and home agents. The particular virtual
private network to which the packet belongs is determined by an TIP
address contained in the packet, as discussed below.
[0037] The LAN interface 54 forwards packets from the virtual home
agent service provider network 14 to an operating system OS TIP
stack 52 for the master home agent. The operating system in the
chassis or master home agent 26 will typically support various
communications features, such as an TIP protocol stack or software
module, of which persons skilled in the art are familiar. The
incoming packet from the TIP/IPX network 14 will have an TIP
address associated with one of N possible tunnels, such as
X.sub.1.X.sub.2.X.sub.3.1 (tun0 in FIG. 3). The OP TIP stack 52
uses this TIP address to demultiplex the packet and select the
proper home agent process 62 to process the packet.
[0038] For a packet with an address of X.sub.1.X.sub.2.X.sub.3.1 ,
the packet is routed to home agent process 62A by a sorting module
56. The sorting module 56 sorts the packets according to the home
agent address in the packet and forwards the packet to the
specified home agent process 62A, 62B, . . . 62N (each of which is
associated with a unique address). The home agent process 62A acts
as a home agent for virtual private network no. 1 in the present
example. The home agent process 62A serves mobile node A (10A) in
FIG. 2 and mobile node A's home network 11A.
[0039] This sorting process further demultiplexes the packet using
the information in the TIP tunnel header to decide where to route
the packet internal to the home agent process 62A itself. This step
allows the home agent process 62A to terminate certain types of
data packets, such as Network Management packets (using known
management protocols such as SNMP, CMIP, etc.), within the
individual processes. This step removes the tunneled packet header
leaving the original packet to be forwarded/processed.
[0040] When the packet is sent to the home agent process 62A, the
home agent functionality as specified in RF 2002 is performed. The
packet is forwarded to a wide area network interface WAN #0 in the
WAN interface module 64. WAN #0 interface is an interface that is
assigned or dedicated to the VPN #1 home agent 62A. The packet is
then sent out via the WAN#0 interface for transmission on backhaul
network 19 to a terminal on the customer's network 11A.
[0041] For traffic going in the opposite direction, an un-tunneled
TIP packet arrives on WAN #0 interface, and is forwarded the home
agent process 62A. The home agent process 62A uses a routing table
to determine which foreign agent (e.g., 13A or 13B of FIG. 2) to
forward the packet to. The routing table is built from routing
packets its receives on either its WAN interface or its tunX
interface. It uses this information to build a tunneled TIP packet
to send via the OS TIP stack 52. The OS TIP stack 52 uses the
information in the TIP header to route the packet to the designated
foreign agent e.g., 13A of FIG. 2.
[0042] While the process has been described for one home agent 62A
for one virtual private network, it will be appreciated that the
process is going on in parallel for multiple virtual private
networks in the other home agents 62B, . . . 62N in the master home
agent 26. In particular, multiple software-replicated home agents
62A-62N may be instantiated by the operating system at the same
time, each one dedicated to its own virtual private network.
[0043] Furthermore, since each home agent 62A, 62B . . . 62N is
associated with a unique TIP address, when the packets are
forwarded to the various home agents processes, the information in
the TIP tunnel header will allow each home agent to terminate
management packets, independently of each other, and thus allow
each home agent to be separately managed by the VPN subscriber. The
management of the separate routing and home agent processes is
completely segregated in the master home agent chassis 26 along VPN
and home agent customer boundaries. A user of the VPN and its
associated home agent can only access and see its own home agent
configuration. Additionally, the structure and organization of the
master home agent and the network topology of the home agent
service provider is completely hidden. This allows the users of the
home agent service to be given access to their own home agent
process without the need to implement special software to prevent
them from accessing or changing another instantiation of a home
agent. The entity providing home agent services does not have to be
involved in configuration and management of each home agent, as it
is left up to the customer. As such, the present invention presents
to Mobile TIP providers an attractive, flexible and easily managed
means for providing home agents for its Mobile TIP customers.
[0044] From the foregoing, it will be appreciated that we have
described a method of providing home agent services for virtual
private networks, comprising the steps of:
[0045] providing a computing platform (e.g., master home agent 26
or a router in the home agent service provider network) for
receiving a plurality of packets from a first network (e.g., TIP
Network 14), with the plurality of packets associated with a
plurality of different virtual private networks or mobile
communications devices;
[0046] implementing a plurality of home agents 62A . . . 62N in the
computing platform;
[0047] directing the packets within the computing platform 26 to
the home agents 69A, 69B etc. associated with the packets;
[0048] processing the packets in the plurality of home agents;
and
[0049] forwarding the packets from the computing platform 26 onto a
second network (e.g., WAN 28) for transmission to the destinations
for the packets.
[0050] Preferably, each of the home agents comprise a separate
instantiation of a home agent software program or code implemented
in the computing platform. Further, preferably each home agent is
assigned or associated with a unique TIP address.
[0051] While the multiple software home agents are implemented in a
router comprising a master home agent in the illustrated
embodiment, it is possible to implement the invention in another
type of computing platform.
[0052] It will also be appreciated that we have described a
processing platform for a plurality of packets associated with a
plurality of virtual private networks. The processing or computing
platform could be implemented in a general-purpose computer
configured with hardware interfaces and suitable software to
function as a virtual home agent router, or other suitable device.
The processing platform comprises a suitable central processing
unit and an operating system program implemented by the central
processing unit (e.g., Windows NT). The operating system has as a
feature an Internet Protocol (TIP) stack. A plurality of home
agents comprising multiple instantiations of a home agent program
62A, 62B, . . . (FIG. 3) are implemented in the computing platform.
Each home agent is associated with one of the virtual private
networks, and each home agent has or is associated with a unique
TIP address. A plurality of network interfaces 64 (FIG. 3) are
provided in the computing platform that receive the packets from
the home agents. The TIP stack 52 directs the packets to the home
agents 62A, 62B, etc. assigned to the packets for processing, and
the home agents forward the packets to the network interfaces 64
for transmission to a destination (e.g., a RADIUS server, foreign,
agent, host computer, etc.).
[0053] In a preferred embodiment, each of the home agents are
separately configured by a user subscribing to its associated
virtual private network service, by means such as SNMP or other
management packets that are terminated in the home agent processes
62A, 62B, etc.
[0054] Further, it will be appreciated that any arbitrary number of
software instantiated home agents can be implemented in the
computing platform. For example, more than 20 distinct
instantiations of the home agent program could be running at one
time, each one serving a different virtual private network.
[0055] Referring now to FIG. 2, the use of the AAA server 28 in
performing registration request authentication functions for a
plurality of mobile nodes will be described. For a mobile node to
communicate with its peer in the mobile TIP protocol, it must be
registered with the foreign agent. During the registration process,
the foreign agent (e.g., one of the network access servers 13 of
FIG. 2) sends a registration request message to the home agent for
the mobile device. To determine whether the mobile node should be
registered or not the home agent needs to perform an authentication
function for the mobile node. This is to insure that only current
subscribers are allowed TIP network access, and to deny such access
where the mobile node has not paid their bill, is no longer a
current subscriber, or is otherwise unauthorized to access the
service. While the registration request authentication function
could be performed entirely within the computing platform in the
master home agent chassis, we prefer to have the authentication
function carried out in the AAA server 28. More specifically,
information from the registration request (such as the mobile
node's IMSI or ESN number, that is, serial number type of
information uniquely identifying the device) is forwarded to the
AAA server. The AAA server determines from this number whether the
mobile node that is seeking registration is authorized or not. The
AAA in turn sends a reply indicating the status of the registration
request authentication back to the home agent 62 (that is, back to
the particular instantiation of the home agent program that sent
the authentication request to the AAA server). The home agent then
sends back a reply to the registration request message back to the
foreign agent, which in turn forwards it to the mobile node. If the
registration request is denied, an error code may be included in
the reply. Further details on this process are described in the
patent application of Richard J. Dynarski, et al., "RADIUS-based
Mobile Internet Protocol (TIP) address-to-Mobile Identification
Number Mapping for Wireless Communication", Ser. No. ______ filed
Jan. 19, 1999, the contents of which are fully incorporated by
reference herein.
[0056] Persons skilled in the art will appreciate that various
modifications and alterations from the presently preferred
embodiment can be made without departure from the true scope and
spirit of the invention. This true scope and spirit is defined by
the appended claims. to be interpreted in light of the
foregoing.
* * * * *